CIE IGCSE·💻 Computer Science

CIE IGCSE Computer Science — Paper 1 (Theory)

⏱ 105 minutes📊 75 marks📄 Paper 1 (Theory)

📚 Subject revision notes ↩ All exam papers

ℹ️ About this paper: This is an exam-board-aligned practice paper written in the style of CIE IGCSE — not an official past paper. Use it for timed practice, then check against the mark scheme included below. For official past papers, see the exam board's website.

00:00of 105:00

CIE IGCSE Computer Science — Paper 1 (Theory)

Total marks: 75 · Duration: 105 minutes

Instructions to candidates

• Answer all questions in both Section A and Section B. • Write your answers in the spaces provided on the question paper. • You may use an HB pencil for any diagrams or graphs. • Calculators may be used but all working must be shown. • The number of marks is given in brackets [ ] at the end of each question or part question. • The total mark for this paper is 75. • Section A carries 45 marks and Section B carries 30 marks.

Paper

Section A — Structured Questions (45 marks)

Question 1

A school library uses a database management system to keep track of books and borrowers.

The library database contains two tables:

BOOKS table:

BookID	Title	Author	Genre	Available
1001	Digital Fortress	Brown, D	Thriller	Y
1002	Computer Networks	Tanenbaum, A	Non-fiction	N
1003	The Phoenix Project	Kim, G	Business	Y
1004	Clean Code	Martin, R	Non-fiction	Y

BORROWERS table:

BorrowerID	Surname	FirstName	YearGroup
5001	Chen	Li	10
5002	Patel	Amir	11
5003	Johnson	Emma	10

(a) State what is meant by a primary key in a database table. [1]

(b) Identify a suitable primary key for the BOOKS table. [1]

(c) The library wants to create a third table called LOANS to record which borrower has borrowed which book.

(i) State two fields that should be included in the LOANS table. [2]

(ii) Explain why the LOANS table is needed rather than adding borrower information directly to the BOOKS table. [2]

(d) Write an SQL query to display the Title and Author of all books where the Genre is 'Non-fiction'. [3]

Question 2

A company is developing a mobile app that will store sensitive customer payment information.

(a) Describe what is meant by encryption. [2]

(b) The company decides to use symmetric encryption to protect the data.

(i) Explain how symmetric encryption works. [3]

(ii) State one advantage and one disadvantage of using symmetric encryption rather than asymmetric encryption. [2]

(c) The app will authenticate users before allowing access to payment information.

Describe two different methods of authentication that could be used, other than a simple password. [4]

Question 3

A programmer is writing a program to calculate the cost of cinema tickets.

The program uses the following rules:

Standard ticket price is $12.00
Children under 12 pay half price
Senior citizens (65 and over) pay $8.00
There is a $2.00 booking fee per transaction (not per ticket)

(a) Complete the following pseudocode algorithm to calculate the total cost for one ticket based on the age of the customer:

INPUT Age
IF Age < 12
   THEN Cost ← .............................
ELSE
   IF .............................
      THEN Cost ← 8.00
   ELSE
      Cost ← .............................
   ENDIF
ENDIF

[3]

(b) The programmer needs to extend the program to handle multiple tickets in one transaction and add the booking fee.

Write pseudocode to:

Input the number of tickets required
For each ticket, input the age and calculate the cost
Calculate the total cost including the booking fee
Output the total cost

You may use the algorithm from part (a) as part of your solution. [6]

(c) The program will be tested before being released.

(i) Explain the difference between syntax errors and logic errors. [2]

(ii) Suggest one test case that would help identify whether the booking fee is being calculated correctly. [2]

Question 4

A weather monitoring station collects temperature data every hour and transmits it to a central server.

(a) The temperature sensor produces an analogue signal.

(i) State what is meant by an analogue signal. [1]

(ii) Explain why the signal must be converted to digital form before being processed by a computer. [2]

(b) The system uses sensors to collect data automatically rather than requiring manual data entry.

State two advantages of using sensors for automatic data collection in this application. [2]

(c) Each temperature reading is stored as a real number with 32 bits of precision.

The monitoring station collects data 24 times per day (once per hour) for 365 days per year.

Calculate the total file size in megabytes (MB) needed to store one year of temperature data.

Show all your working. [4]

Question 5

A programmer is developing software using an iterative development approach.

(a) Describe what is meant by iterative development. [2]

(b) Compare iterative development with the waterfall model of software development. [4]

(c) The programmer writes the following pseudocode:

Counter ← 0
Total ← 0
REPEAT
   INPUT Number
   Total ← Total + Number
   Counter ← Counter + 1
UNTIL Counter = 10
Average ← Total / Counter
OUTPUT Average

(i) State what type of loop is being used in this algorithm. [1]

(ii) The programmer performs a dry run of the algorithm with the following input values: 5, 8, 12, 15, 20, 3, 7, 11, 9, 10

Complete the trace table for this algorithm:

Counter	Number	Total
0		0
	5
	8
	12

[4]

Section B — Extended Response (30 marks)

Question 6

Modern vehicles contain many embedded systems that control various functions such as engine management, anti-lock braking systems (ABS), climate control, and entertainment systems.

(a) Explain what is meant by an embedded system. [2]

(b) Discuss the use of embedded systems in modern vehicles.

Your answer should include:

The characteristics that make embedded systems suitable for vehicle control applications
The advantages of using embedded systems in vehicles
The potential risks and limitations of relying on embedded systems for critical vehicle functions
How these risks might be managed

[12]

Question 7

A large online retailer stores customer data including names, addresses, purchase history, and payment card details.

(a) State two requirements of the Data Protection Act that the retailer must follow. [2]

(b) The retailer has experienced rapid growth and needs to upgrade its data storage infrastructure.

The IT department is considering whether to:

Upgrade their existing on-site servers and storage systems, or
Move to cloud-based storage and processing

Evaluate these two options for the online retailer.

Your answer should consider:

Cost implications
Scalability and performance
Security and data protection
Reliability and availability
Control and management

You should make a justified recommendation for which option the retailer should choose. [14]

📋 Mark Scheme & Sample Answers

Hidden by default — attempt the paper first, then check your work against the examiner-style mark scheme.

⚡ Unlock with Pro

Mark Scheme

Section A — Structured Questions

Question 1

(a) State what is meant by a primary key in a database table. [1]

1 mark for:

A field (or combination of fields) that uniquely identifies each record in a table
Accept: unique identifier / cannot contain duplicate values / each value appears only once
Reject: "a field that is important" or "main field" without reference to uniqueness

(b) Identify a suitable primary key for the BOOKS table. [1]

1 mark for:

BookID

(c)(i) State two fields that should be included in the LOANS table. [2]

1 mark each for any two from:

BookID
BorrowerID
Date borrowed / DateOut / LoanDate
Date due / Return date / DateDue
Accept: Foreign keys that reference the primary keys
Reject: Title, Author, or other fields that duplicate data from existing tables

(c)(ii) Explain why the LOANS table is needed rather than adding borrower information directly to the BOOKS table. [2]

1 mark each for any two from:

A book can be borrowed multiple times (by different borrowers at different times)
Multiple borrows would require duplicate book records / data redundancy
Avoids data inconsistency / anomalies
Maintains data integrity
Allows tracking of loan history
A borrower can borrow multiple books
Accept: explanations referring to many-to-many relationships or normalisation

(d) Write an SQL query to display the Title and Author of all books where the Genre is 'Non-fiction'. [3]

3 marks for:

SELECT Title, Author
FROM BOOKS
WHERE Genre = 'Non-fiction'

Award marks as follows:

1 mark: SELECT with correct field names (Title, Author) or SELECT *
1 mark: FROM BOOKS (correct table name)
1 mark: WHERE Genre = 'Non-fiction' (correct condition with quotes)

Accept: Single or double quotes, case variations in SQL keywords Reject: Missing quotes around 'Non-fiction', incorrect field/table names

Question 2

(a) Describe what is meant by encryption. [2]

1 mark each for two from:

Converting data/plaintext into an unreadable form / ciphertext
Using an algorithm / cipher
Using a key
To prevent unauthorised access / keep data secure
Can be reversed / decrypted using a key
Accept: "scrambling data" if qualified with reversibility
Reject: "hiding data" alone without transformation concept

(b)(i) Explain how symmetric encryption works. [3]

1 mark each for three from:

Uses the same key for encryption and decryption
Sender encrypts the plaintext using the key and algorithm
Encrypted message / ciphertext is transmitted
Receiver decrypts the ciphertext using the same key
Both parties must have the key before communication
The key must be kept secret / transmitted securely
Accept: specific examples of symmetric algorithms (AES, DES)

(b)(ii) State one advantage and one disadvantage of using symmetric encryption rather than asymmetric encryption. [2]

1 mark for advantage:

Faster / more efficient / requires less processing power
Suitable for encrypting large amounts of data
Simpler algorithm
Accept: "quicker" or "less resource intensive"

1 mark for disadvantage:

Key distribution problem / both parties need the same key
Key must be transmitted securely
If key is intercepted, security is compromised
Need separate keys for each pair of communicators / key management becomes complex with many users
Accept: "difficult to share the key safely"

(c) Describe two different methods of authentication that could be used, other than a simple password. [4]

2 marks each for two methods (1 mark for identification, 1 mark for description):

Accept any two from:

Biometric authentication (1): fingerprint / facial recognition / iris scan / voice recognition (1) Uses unique physical characteristics of the user (1)
Two-factor authentication / 2FA (1): Requires two different types of authentication (1) / something you know and something you have (1) / e.g., password plus code sent to phone (1)
Security token / key fob (1): Physical device that generates one-time codes (1) / USB key that must be inserted (1)
Smart card (1): Card with embedded chip containing authentication data (1)
PIN in addition to password (1): Numeric code that must be entered (1)
Security questions (1): Personal questions only the user should know the answer to (1)

Reject: Simple password (as stated in question), username (not authentication method)

Question 3

(a) Complete the pseudocode algorithm. [3]

Correct completion:

INPUT Age
IF Age < 12
   THEN Cost ← 6.00                [1 mark]
ELSE
   IF Age >= 65                     [1 mark]
      THEN Cost ← 8.00
   ELSE
      Cost ← 12.00                  [1 mark]
   ENDIF
ENDIF

Award marks for:

1 mark: 6.00 or 12.00 / 2 or 12 / 2 (half price calculation)
1 mark: Age >= 65 or Age > 64 (correct condition for senior)
1 mark: 12.00 or 12 (standard price)

Accept: 6, 8, 12 without decimal points; minor syntax variations Reject: Incorrect values or conditions

(b) Write pseudocode for multiple tickets with booking fee. [6]

Award marks using point-based marking:

1 mark: INPUT / read number of tickets
1 mark: Initialise Total to 0 (or similar variable)
1 mark: Loop structure for correct number of iterations (FOR or WHILE or REPEAT)
1 mark: INPUT Age for each ticket inside the loop
1 mark: Calculate individual ticket cost (may reference part (a) or replicate logic)
1 mark: Add ticket cost to running total
1 mark: Add booking fee (2.00) to total
1 mark: OUTPUT the total cost

Maximum 6 marks

Sample acceptable solution:

INPUT NumberOfTickets
Total ← 0
FOR Counter ← 1 TO NumberOfTickets
   INPUT Age
   IF Age < 12
      THEN Cost ← 6.00
   ELSE
      IF Age >= 65
         THEN Cost ← 8.00
      ELSE
         Cost ← 12.00
      ENDIF
   ENDIF
   Total ← Total + Cost
ENDFOR
Total ← Total + 2.00
OUTPUT Total

Accept: Different variable names, alternative loop structures, calling part (a) as a procedure Reject: Solutions that don't iterate for each ticket, missing booking fee, booking fee added per ticket

(c)(i) Explain the difference between syntax errors and logic errors. [2]

1 mark each for:

Syntax error: Breaking the rules / grammar of the programming language (1) Prevents the program from running / being compiled (1) Accept: Examples like missing brackets, misspelled keywords
Logic error: The program runs but produces incorrect results (1) Error in the algorithm / design / reasoning (1) Accept: "the program does not do what was intended"

Reject: Vague statements like "typing mistakes" without clarification

(c)(ii) Suggest one test case that would help identify whether the booking fee is being calculated correctly. [2]

2 marks for appropriate test case with:

Test data specified (1)
Expected outcome (1)

Examples:

Order 1 ticket, age 25 (1), expect total of £14.00 (12.00 + 2.00) (1)
Order 2 tickets, both age 25 (1), expect total of £26.00 (12+12+2, not 12+2+12+2) (1)
Order 0 tickets (1), expect £2.00 or error message (1)

Accept: Any test where the expected result demonstrates correct booking fee calculation Award 1 mark only if: Test data given but no expected result, or expected result without clear test input

Question 4

(a)(i) State what is meant by an analogue signal. [1]

1 mark for:

A continuously varying signal / can take any value within a range
Represents data using continuous physical quantities
Accept: "infinite possible values", "smooth wave"
Reject: "real-world data" alone without reference to continuous nature

(a)(ii) Explain why the signal must be converted to digital form before being processed by a computer. [2]

1 mark each for two from:

Computers are digital devices / work with binary / discrete values
Computers cannot process analogue signals directly
Digital signals are less susceptible to noise / interference
Digital signals can be stored / transmitted more reliably
Digital signals can be processed / manipulated by computer algorithms
Accept: reference to ADC (Analogue to Digital Converter)

(b) State two advantages of using sensors for automatic data collection in this application. [2]

1 mark each for two from:

More accurate / consistent than human readings
Can operate continuously / 24 hours per day
Can take readings more frequently than humans
No human error in recording
Humans don't need to be present / reduces labour costs
Can operate in harsh environments / remote locations
Faster data collection
Immediate transmission of data
Accept: specific advantages relevant to weather monitoring

(c) Calculate the total file size in megabytes (MB) needed to store one year of temperature data. [4]

Working:

Each reading: 32 bits
Readings per year: 24 × 365 = 8,760 readings
Total bits: 32 × 8,760 = 280,320 bits
Total bytes: 280,320 ÷ 8 = 35,040 bytes
Total KB: 35,040 ÷ 1,024 = 34.21875 KB
Total MB: 34.21875 ÷ 1,024 = 0.0334 MB or 0.03 MB

Award marks:

1 mark: 24 × 365 = 8,760 (correct number of readings per year)
1 mark: 8,760 × 32 = 280,320 (total bits)
1 mark: Conversion to bytes (÷ 8) = 35,040 bytes
1 mark: Correct conversion to MB (÷ 1,024 ÷ 1,024) = 0.03 to 0.034 MB

Accept: 0.03, 0.033, 0.0334 MB (rounding variations) Accept: If ÷ 1,000 used instead of ÷ 1,024: final answer around 0.035 MB (award full marks if working consistent) Partial credit: Award marks for correct method even if arithmetic errors present

Question 5

(a) Describe what is meant by iterative development. [2]

1 mark each for two from:

Software is developed in repeated cycles / iterations
Each iteration produces a working version / prototype
Each version adds new features / improves on previous version
Testing and user feedback occurs after each iteration
Requirements can be refined between iterations
Process repeats until final product is complete
Accept: "incremental development", reference to agile methods
Reject: "trying again when you make a mistake" (confusion with iteration in loops)

(b) Compare iterative development with the waterfall model of software development. [4]

Award up to 4 marks for comparisons:

Points about waterfall:

Sequential stages / linear approach (1)
Each stage completed before next begins (1)
Difficult to go back to previous stages (1)
All requirements defined at the start (1)
Testing occurs late in the process (1)
User sees final product only at the end (1)

Points about iterative:

Cyclical / repeating process (1)
Produces working software regularly (1)
Easy to make changes / flexible (1)
Requirements can evolve / be refined (1)
Testing throughout development (1)
User feedback incorporated regularly (1)

Comparison statements explicitly contrasting both:

Waterfall is rigid whereas iterative is flexible (2)
Waterfall requires complete requirements upfront whereas iterative allows changing requirements (2)

Award marks for valid comparisons that show understanding of both models Maximum 4 marks Accept: Advantages/disadvantages of each if used comparatively

(c)(i) State what type of loop is being used in this algorithm. [1]

1 mark for:

Condition-controlled loop / post-condition loop
Accept: REPEAT...UNTIL loop
Reject: "loop" alone, FOR loop, WHILE loop

(c)(ii) Complete the trace table. [4]

Correct trace table:

Counter	Number	Total	Average
0		0
1	5	5
2	8	13
3	12	25
4	15	40
5	20	60
6	3	63
7	7	70
8	11	81
9	9	90
10	10	100	10

Award marks:

1 mark: Counter column correct (1, 2, 3... to 10)
1 mark: Number column correct (5, 8, 12, 15, 20, 3, 7, 11, 9, 10)
1 mark: Total column correct (cumulative sum: 5, 13, 25, 40, 60, 63, 70, 81, 90, 100)
1 mark: Average correct (10 in final row only)

Partial credit: Award marks for columns that are correct even if others contain errors Note: Table continues beyond the rows shown in question; accept if candidate shows at least up to the point where Counter = 10

Section B — Extended Response

Question 6

(a) Explain what is meant by an embedded system. [2]

1 mark each for two from:

A computer system built into / part of a larger device
Designed to perform a dedicated / specific function
Usually has real-time constraints / must respond within time limits
Often has minimal user interface / no general-purpose interface
Hardware and software designed for specific task
Accept: Examples if accompanied by defining characteristics
Reject: "a small computer" alone without reference to dedicated purpose

(b) Discuss the use of embedded systems in modern vehicles. [12]

Mark using levels of response:

Level 3 (9-12 marks): Comprehensive discussion

Detailed explanation of characteristics that make embedded systems suitable (real-time operation, reliability, dedicated function, low power, compact size)
Multiple advantages clearly explained with relevant examples (improved safety, efficiency, automation, driver assistance)
Thorough analysis of risks and limitations (system failure consequences, security vulnerabilities, complexity, maintenance, over-reliance)
Risk management strategies identified (redundancy, fail-safe mechanisms, regular updates, testing standards)
Well-structured answer with appropriate technical terminology
Arguments supported with relevant examples from vehicle systems
Shows clear understanding of trade-offs and real-world implications

Award 11-12 marks for answers that cover all aspects comprehensively with excellent use of examples and technical detail Award 9-10 marks for answers that cover all aspects well but with less detail or fewer examples

Level 2 (5-8 marks): Adequate discussion

Some characteristics explained but may lack depth
Several advantages identified with basic explanation
Some risks/limitations identified but analysis may be superficial
Risk management may be mentioned briefly or with limited detail
Generally sound understanding but lacks comprehensive coverage
Some appropriate technical terminology used
May be unbalanced (e.g., strong on advantages but weak on risks)
Examples may be generic or limited

Award 7-8 marks for answers covering most aspects adequately Award 5-6 marks for answers covering some aspects with reasonable understanding but significant omissions

Level 1 (1-4 marks): Limited discussion

Basic or incomplete explanation of characteristics
Few advantages stated, possibly as a simple list
Limited or no consideration of risks
Little or no discussion of risk management
May show misconceptions about embedded systems
Limited technical terminology or imprecise language
May be very brief or lack development
Few or no relevant examples

Award 3-4 marks for answers showing basic understanding with some valid points Award 1-2 marks for answers with very limited relevant content

0 marks: No creditable content

Indicative content:

Characteristics:

Real-time operation (engine management must respond immediately)
High reliability requirements (safety-critical)
Dedicated functions (each system has specific role)
Integrated into vehicle (not removable general-purpose computers)
Often operate autonomously without user intervention

Advantages:

Improved safety (ABS prevents skidding, airbag deployment, stability control)
Increased efficiency (optimal fuel injection, transmission control)
Enhanced driver experience (climate control, entertainment, navigation)
Automated functions (parking assistance, adaptive cruise control)
Diagnostics and monitoring (fault detection, maintenance alerts)
Coordination between systems (multiple systems work together)

Risks and limitations:

System failure can be dangerous/life-threatening
Complex systems difficult to diagnose and repair
Software bugs can affect safety
Security vulnerabilities (hacking, unauthorised access)
Over-reliance may reduce driver skill/attention
Expensive to replace or update
Older vehicles may not receive security updates
Electromagnetic interference possible

Risk management:

Redundant systems / backup mechanisms
Fail-safe design (safe mode if system fails)
Rigorous testing and safety standards
Regular software updates and patches
Secure communication protocols
Driver warnings and manual override options
Quality assurance in manufacturing

Question 7

(a) State two requirements of the Data Protection Act that the retailer must follow. [2]

1 mark each for any two from:

Data must be kept secure / protected from unauthorised access
Data must be accurate and up to date
Data must be obtained fairly and lawfully
Data must be used only for specified purposes
Data must not be kept longer than necessary
Data must be adequate, relevant and not excessive
Individuals have the right to access their data
Data must not be transferred outside the country without adequate protection
Accept: General Data Protection Regulation (GDPR) principles if correctly stated
Reject: Vague statements like "follow the law" without specific requirements

(b) Evaluate these two options for the online retailer. [14]

Mark using levels of response:

Level 3 (11-14 marks): Comprehensive evaluation

Thorough analysis of both options across multiple criteria
Clear comparison of costs (capital vs. operational, upfront vs. ongoing)
Detailed discussion of scalability and how each option meets growth needs
In-depth consideration of security and data protection implications for both
Comprehensive evaluation of reliability, availability, and business continuity
Discussion of control, management, and technical expertise requirements
Balanced evaluation showing understanding of trade-offs
Clear, justified recommendation based on the retailer's specific context
Excellent use of technical terminology throughout
Well-structured response addressing all specified points
Shows understanding of business implications not just technical features

Award 13-14 marks for outstanding evaluation with sophisticated analysis and compelling justified recommendation Award 11-12 marks for thorough evaluation covering all aspects well with clear recommendation

Level 2 (6-10 marks): Sound evaluation

Covers most of the specified criteria with reasonable depth
Some comparison between options but may lack depth in places
Discussion of security and costs present but may not fully explore implications
Some consideration of business context
Recommendation may be present but justification may be limited
Generally appropriate technical terminology
Structure may be less clear or some aspects underdeveloped
May show some imbalance in treatment of the two options
Understanding of technical and business issues present but not comprehensive

Award 9-10 marks for sound evaluation covering most aspects with adequate depth Award 7-8 marks for reasonable evaluation but with some omissions or limited depth Award 6 marks for basic evaluation of both options addressing several criteria

Level 1 (1-5 marks): Limited evaluation

Superficial treatment of the options
May list advantages/disadvantages without real evaluation
Limited comparison between options
May focus on only one or two criteria
Little or no business context considered
Recommendation may be absent or unjustified
Limited technical understanding shown
May contain misconceptions
Poor structure or very brief response

Award 4-5 marks for some valid points about both options but limited evaluation Award 2-3 marks for basic points, possibly focusing mainly on one option Award 1 mark for minimal relevant content

0 marks: No creditable content

Indicative content:

Cost implications:

On-site: High upfront capital costs (servers, storage, infrastructure), ongoing costs for power/cooling, maintenance costs, staff salaries; costs are predictable
Cloud: Low/no upfront costs, subscription/usage-based pricing, costs scale with usage, may become expensive at scale; costs can be variable

Scalability and performance:

On-site: Limited by physical hardware, scaling requires purchasing and installing new equipment (slow), may over-provision for peak times, capacity planning required
Cloud: Easily scalable (add resources as needed), instant scaling for peak times, elastic resources, pay for what you use, can scale globally

Security and data protection:

On-site: Physical control over hardware, can implement own security measures, responsible for all security aspects, Data Protection Act compliance responsibility clear, may lack expertise
Cloud: Provider responsible for physical security, encryption typically included, may have concerns about data location, shared responsibility model, provider expertise may exceed in-house capabilities, compliance certifications often provided

Reliability and availability:

On-site: Dependent on single location, vulnerable to local disasters/power outages, requires backup systems and disaster recovery planning, downtime directly impacts business
Cloud: Multiple data centers provide redundancy, high availability SLAs typically provided, geographically distributed, automatic failover, but dependent on internet connection

Control and management:

On-site: Complete control over hardware and software, can customize extensively, requires IT expertise in-house, direct access for troubleshooting, independence from third parties
Cloud: Less direct control, dependent on provider, limited customization in some cases, provider manages infrastructure, requires different skill set, vendor lock-in potential

Recommendation considerations:

As a rapidly growing retailer, cloud scalability advantages significant
Capital costs of on-site expansion may be prohibitive during growth phase
Security expertise of major cloud providers likely exceeds small in-house team
However, sensitivity of payment data may favour on-site control
Hybrid approach possible (non-sensitive data in cloud, payment data on-site)
Long-term costs should be calculated for both options at expected scale

Sample Answers with Examiner Commentary

Question 6(b) — Sample Answers

Grade A* (high distinction) answer

Embedded systems are particularly suitable for vehicle control applications because they are designed for real-time operation, which is essential in safety-critical situations. For example, an anti-lock braking system must respond within milliseconds to prevent wheel lock-up during emergency braking. These systems are also highly reliable because they perform dedicated functions rather than general-purpose computing, meaning there is less that can go wrong. Their compact size and low power consumption make them ideal for integrating multiple systems throughout a vehicle without requiring excessive space or draining the battery.

The advantages of embedded systems in vehicles are substantial. They significantly improve safety through features like ABS, which prevents skidding, electronic stability control that prevents rollovers, and automatic emergency braking systems that can detect obstacles and stop the vehicle. They also increase efficiency through precise control of fuel injection and engine timing, optimizing fuel consumption and reducing emissions. Driver convenience is enhanced through automated climate control, adaptive cruise control that maintains safe distances, and parking assistance systems that can steer the vehicle automatically.

However, there are significant risks associated with embedded systems in vehicles. System failures can have life-threatening consequences—if the engine management system fails while driving on a motorway, the vehicle could suddenly lose power in dangerous circumstances. The complexity of modern vehicles with dozens of interconnected embedded systems makes diagnosis and repair very difficult, requiring expensive specialist equipment. Security is a major concern, as researchers have demonstrated that vehicle systems can be hacked remotely, potentially allowing attackers to take control of steering or brakes. There is also the risk that drivers may become over-reliant on automated systems like lane-keeping assist and reduce their attention to the road, potentially causing accidents if the system fails or encounters a situation it cannot handle.

These risks must be carefully managed through several approaches. Redundant systems provide backup if primary systems fail—for example, dual braking systems ensure that if one fails, the other can still stop the vehicle. Fail-safe design means that if a system detects a fault, it enters a safe mode rather than failing catastrophically. Rigorous testing standards and safety certifications are required before vehicles can be sold. Regular software updates are necessary to patch security vulnerabilities, though this raises the challenge of ensuring vehicles receive updates throughout their lifetime. Driver warnings and the ability to manually override automated systems provide a human backup when systems malfunction.

Mark: 12/12

Examiner commentary: This is an exemplary response that demonstrates comprehensive understanding of all aspects of the question. The answer addresses characteristics, advantages, risks, and risk management in depth with specific, relevant examples throughout. The candidate shows sophisticated understanding of both technical aspects (real-time operation, redundancy) and broader implications (security, human factors). The response is well-structured with clear paragraphs addressing each aspect of the question, uses precise technical terminology correctly, and demonstrates the ability to analyse trade-offs and real-world implications. This response would achieve full marks in the highest band.

Grade C (pass) answer

Embedded systems are suitable for vehicles because they are designed to do specific jobs and can respond quickly. In a car, you need systems that work fast like the anti-lock brakes which stop the wheels locking up. Embedded systems are small so they can fit in different parts of the car and they don't use much power.

There are many advantages of using embedded systems in vehicles. They make cars safer by controlling the brakes and airbags. The engine management system makes the car more efficient by controlling the fuel and this saves petrol and is better for the environment. Embedded systems also make driving more comfortable with automatic climate control and entertainment systems. Some cars can even park themselves using embedded systems.

There are some risks with embedded systems in cars. If the system breaks down it could be dangerous, especially if an important system like the brakes stops working. The systems are very complicated so they are difficult to fix and might be expensive to repair. Hackers might be able to get into the car's computer systems and this could be dangerous. Some drivers might rely too much on automatic systems and not pay attention to the road.

To manage these risks, cars have backup systems so if one fails another can take over. The systems are tested carefully before the cars are sold. Cars can get software updates to fix problems. Drivers get warning lights if something is wrong.

Mark: 7/12

Examiner commentary: This response demonstrates sound understanding and addresses all the required aspects of the question, placing it in the middle of Level 2. The candidate identifies relevant characteristics, advantages, risks, and some risk management strategies with appropriate examples. However, the analysis lacks the depth and sophistication of higher-level responses. Points are stated but not fully developed—for example, "respond quickly" is mentioned but not explained in terms of real-time constraints or specific timing requirements. The discussion of risks is present but relatively superficial (e.g., "difficult to fix" without explaining why the complexity creates this difficulty). Some technical terminology is used correctly (embedded systems, engine management) but the language is sometimes imprecise ("breaks down" rather than "system failure"). To achieve a higher grade, the candidate would need to develop points more fully, provide more specific examples, and demonstrate deeper analysis of the implications and trade-offs involved.

Grade E (near miss) answer

Embedded systems are computers inside other devices. They are good for cars because they are small and can control things. Cars need computers to control the engine and other parts.

Embedded systems have lots of advantages. They make cars safer because they can control the brakes better than humans. They also make the car faster and more powerful. Modern cars have entertainment systems and sat nav which are embedded systems. These make driving easier and more enjoyable. Embedded systems can also tell you when something is wrong with your car.

There are some problems with embedded systems. They can break and then the car won't work. If the computer crashes the whole car might stop. They are expensive to buy and replace. Viruses might infect the car's computer like they do on regular computers. Some people don't know how to use all the technology in modern cars.

Cars are tested to make sure they are safe. If there is a problem the car will tell you with a warning light. You can take the car to a garage to get it fixed.

Mark: 3/12

Examiner commentary: This response falls in Level 1, showing basic awareness of the topic but with significant limitations. The candidate demonstrates some understanding that embedded systems are used in vehicles and offers a few valid points about advantages (safety, diagnostics) and risks (system failure, cost). However, the response lacks depth and contains some misconceptions. The claim that embedded systems make cars "faster and more powerful" confuses control systems with engine performance. The reference to "viruses" shows misunderstanding—while security is a concern, vehicle embedded systems face different threats than desktop computers face from typical viruses. The characteristics that make embedded systems suitable are barely addressed beyond "small" and "can control things." Risk management is mentioned only superficially without explaining mechanisms like redundancy or fail-safe design. The response would benefit from more specific examples, clearer explanation of how embedded systems work in vehicles, more accurate technical understanding, and development of points rather than simple assertions. To reach Grade C, the candidate needs to demonstrate deeper understanding of dedicated functionality, real-time operation, and the specific nature of automotive embedded systems, and provide more developed analysis rather than brief statements.

Question 7(b) — Sample Answers

Grade A* (high distinction) answer

The online retailer must carefully evaluate both options based on multiple criteria before making this strategic decision.

Cost implications: On-site infrastructure requires substantial upfront capital investment in servers, storage arrays, networking equipment, and physical infrastructure like server rooms with cooling and uninterruptible power supplies. This could represent hundreds of thousands of pounds. However, once purchased, the ongoing costs are relatively predictable—electricity, maintenance, and staff salaries. For a rapidly growing retailer, there is a risk of over-provisioning (buying more capacity than immediately needed) or under-provisioning (running out of capacity during peak trading periods). Cloud storage, conversely, requires minimal upfront investment. Costs are operational rather than capital, based on consumption—the retailer pays only for storage and computing resources actually used. This can be advantageous during growth phases, but costs can become substantial at scale, and a large retailer might eventually find that cloud costs exceed what on-site infrastructure would have cost over the same period.

Scalability and performance: This is where cloud storage has a decisive advantage for a growing retailer. On-site scaling is constrained by hardware—if the retailer experiences rapid growth or seasonal peaks (like Christmas shopping), expanding capacity means procuring, installing, and configuring new servers, which can take weeks or months. The retailer must forecast capacity needs well in advance. Cloud infrastructure, by contrast, offers elastic scalability—capacity can be increased almost instantly during peak periods and reduced when demand falls, ensuring the retailer only pays for what is needed. Given that the company is experiencing "rapid growth," this flexibility is particularly valuable, as predicting future requirements is challenging. Cloud providers also offer global distribution, meaning the retailer can easily expand to serve international customers with good performance.

Security and data protection: This is complex and cuts both ways. With on-site servers, the retailer has physical control over hardware and can implement security measures according to their own standards. However, this also means they bear full responsibility for security—they must employ security specialists, implement encryption, manage access controls, install and monitor intrusion detection systems, and ensure compliance with the Data Protection Act. For a retailer whose core competence is retail rather than IT security, this is challenging. Major cloud providers like AWS or Microsoft Azure employ large teams of security experts, implement sophisticated security measures, hold security certifications (ISO 27001, PCI DSS for payment data), and have more resources to defend against threats than most individual companies. However, cloud storage means trusting a third party with sensitive customer data, including payment card details. Some businesses are uncomfortable with this loss of control. Data location can also be a concern—the retailer must ensure that customer data is stored within jurisdictions with adequate data protection laws. A hybrid approach might be optimal—storing particularly sensitive payment card data on-site (tokenized) while using cloud storage for less sensitive data like purchase history.

Reliability and availability: On-site infrastructure is vulnerable to single points of failure. A power outage, fire, flood, or equipment failure at the retailer's location could take systems offline, directly impacting the business. The retailer must implement their own disaster recovery and business continuity plans, potentially including off-site backups and redundant systems, which increases costs. Cloud providers typically offer high availability through geographic redundancy—data is replicated across multiple data centers in different locations, and if one data center fails, another automatically takes over. Service Level Agreements (SLAs) typically guarantee 99.9% or higher uptime. However, the retailer becomes dependent on internet connectivity—if their internet connection fails, they cannot access cloud-stored data even though it remains available. For an online retailer where downtime directly translates to lost revenue, the superior redundancy and disaster recovery capabilities of cloud infrastructure represent a significant advantage.

Control and management: On-site infrastructure provides complete control—the retailer can customize systems extensively, choose specific hardware and software, and has direct physical access for troubleshooting. However, this requires employing skilled IT staff with expertise in server management, storage systems, networking, and security. For a growing company, recruiting and retaining such specialists can be expensive and challenging. Cloud infrastructure requires different skills—less hardware expertise but more focus on cloud architecture and service management. The retailer has less direct control and is somewhat dependent on their provider, with potential for vendor lock-in if data and applications are tightly integrated with provider-specific services.

Recommendation: For a rapidly growing online retailer, I would recommend adopting a hybrid cloud approach. The primary infrastructure should be cloud-based because the scalability advantages are crucial during growth—the retailer cannot afford to be constrained by hardware limitations during rapid expansion, and the elastic nature of cloud resources perfectly matches the variable demands of online retail. The superior disaster recovery and availability of cloud infrastructure are vital for a business where downtime means immediate revenue loss. While cloud costs can be substantial, the elimination of large capital expenditures and the pay-as-you-grow model provides better financial flexibility during expansion. However, the most sensitive data—particularly payment card information—should be tokenized and, if stored, kept in a PCI-compliant on-site or private cloud environment to maintain maximum security control and address data protection concerns. This hybrid approach leverages the strengths of both options while mitigating their respective weaknesses, providing scalability and reliability while maintaining appropriate control over the most sensitive data.

Mark: 14/14

Examiner commentary: This is an outstanding response that demonstrates sophisticated analysis and comprehensive evaluation. The candidate systematically addresses every specified criterion (cost, scalability, security, reliability, control) with substantial depth and understanding of both technical and business implications. The response goes beyond simply listing advantages and disadvantages by analyzing trade-offs and explaining why certain factors matter specifically to a growing online retailer. Excellent use of specific technical terminology (elastic scalability, tokenization, PCI DSS, SLA) demonstrates strong subject knowledge. The recommendation is particularly strong—it is clearly stated, thoroughly justified with reference to the retailer's specific context (rapid growth, online business), and shows sophisticated thinking by proposing a hybrid approach that recognizes that this is not simply a binary choice. The structure is clear and logical, making the response easy to follow despite its length and complexity. This response would be used as an exemplar for other markers and students.

Grade C (pass) answer

There are advantages and disadvantages to both upgrading on-site servers and moving to cloud storage.

Costs: On-site servers are very expensive to buy. The retailer would need to spend a lot of money on new servers and storage equipment. They would also need to pay for electricity to run the servers and keep them cool, and pay staff to look after them. Cloud storage doesn't have these big upfront costs—you just pay a monthly fee for what you use. This makes it easier for a growing company because they don't need to find lots of money all at once. However, over time the cloud fees could add up to be quite expensive.

Scalability: Cloud storage is much better for scalability. If the retailer needs more storage space or computing power, they can just upgrade their cloud package and get it immediately. With on-site servers, they would have to buy new servers and install them, which takes time. For a growing company this is important because they need to be able to expand quickly. During busy times like Christmas, cloud storage can expand to cope with more customers and then shrink again afterwards so you don't pay for capacity you don't need.

Security: Security is very important because the retailer stores customer data and payment card details. With on-site servers, the retailer has control over their own security and knows exactly where the data is stored. They can use their own firewalls and encryption. However, they need security experts on their staff which is expensive. Cloud providers have good security because they are big companies with lots of resources, and they specialize in keeping data safe. But some people worry about putting sensitive data in the cloud because it means trusting another company. There could be problems if hackers attack the cloud provider.

Reliability: If the on-site servers break down or there is a power cut, the retailer's website could go offline and they would lose sales. They would need backup systems which cost more money. Cloud providers have multiple data centers so if one has a problem, the others can take over. This means better reliability. They usually guarantee the service will be available 99.9% of the time. However, if the retailer's internet connection goes down, they can't access the cloud data even though it's still there.

Control: With on-site servers the retailer has complete control and can set up everything exactly how they want it. They can access the physical servers if they need to fix problems. With cloud storage they have less control and depend on the provider. If the cloud company has problems or changes their service, it affects the retailer.

Recommendation: I think the retailer should choose cloud storage because they are growing rapidly and cloud storage is much better for scalability. The costs are also better for a growing company because they don't need to spend lots of money upfront. The reliability is better too. However, they should make sure the cloud provider has good security for the payment card data and that they follow data protection laws.

Mark: 8/14

Examiner commentary: This response falls in the middle of Level 2, demonstrating sound understanding with reasonable coverage of all required criteria. The candidate addresses each specified point (cost, scalability, security, reliability, control) and shows adequate understanding of the trade-offs involved. Several valid points are made about each option, and there is some comparison between them. The recommendation is present and includes some justification based on the retailer's specific context (rapid growth). However, the evaluation lacks the depth and sophistication of higher-level responses. The analysis is somewhat superficial—for example, security is discussed but without mentioning specific concepts like PCI compliance, encryption standards, or the shared responsibility model. The discussion of costs mentions that cloud fees "could add up" but doesn't explore the implications in depth or consider the relationship between scale and cost-effectiveness. The structure is adequate but somewhat mechanical (working through each criterion in turn without making connections between them). Technical terminology is mostly appropriate but limited. To achieve a higher grade, the candidate would need to develop the analysis more fully, explore implications and trade-offs in greater depth, use more sophisticated technical language, and provide a more thoroughly justified recommendation that weighs the criteria against each other rather than simply stating that scalability is most important.

Grade E (near miss) answer

On-site servers and cloud storage both have good and bad points.

On-site servers are servers that the company owns and keeps in their building. This means they have control over them and can access them easily. They can make sure the data is secure by keeping it locked up. However, servers are very expensive to buy and they use a lot of electricity. You also need people who know about computers to run them. If the servers break, the website will stop working and customers won't be able to buy things.

Cloud storage is when you store data on the internet instead of on your own servers. The advantage of cloud storage is that it is cheaper because you don't have to buy servers. It is also easier because the cloud company looks after everything for you. You can access your data from anywhere which is convenient. However, cloud storage could be hacked by criminals who want to steal the customer data and credit card numbers. Also, if the internet stops working you can't access your data.

For a growing company, cloud storage is probably better because it is cheaper and easier. They don't have to spend lots of money on equipment and they can focus on their business instead of worrying about servers. The cloud company will have experts to manage everything.

I think the retailer should use cloud storage because it is more modern and most companies are using cloud now. It will save money and is more flexible for a growing business.

Mark: 4/14

Examiner commentary: This response falls in Level 1, showing basic awareness but with significant limitations in analysis and evaluation. The candidate demonstrates some understanding of what on-site and cloud storage are and mentions a few valid points about each (cost, security, accessibility, expertise requirements). However, the

Mark schemes are a Pro feature

Unlock full examiner-style mark schemes and grade-tiered sample answers across every paper.

See Pro pricing →

Finished the paper?

Reveal the mark scheme above, then dive into the topic notes to firm up anything you missed.

📚 Open subject revision notes →